Update rekall to 1.4.1

It was split in 3 modules
- security/py-rekall-core : CORE component with command line interface
- security/py-rekall_gui : GUI with ipython and web interface
- security/py-rekall : "meta" module

security/Makefile

@@ -275,8 +275,8 @@
     SUBDIR += libassuan
     SUBDIR += libbeid
     SUBDIR += libbf
-    SUBDIR += libcryptui
     SUBDIR += libbzrtp
+    SUBDIR += libcryptui
     SUBDIR += libecc
     SUBDIR += libfprint
     SUBDIR += libgcrypt
@@ -844,6 +844,8 @@
     SUBDIR += py-pysha3
     SUBDIR += py-python-registry
     SUBDIR += py-rekall
+    SUBDIR += py-rekall-core
+    SUBDIR += py-rekall_gui
     SUBDIR += py-requests-kerberos
     SUBDIR += py-rsa
     SUBDIR += py-service_identity

security/py-rekall-core/Makefile

@@ -0,0 +1,34 @@
+# Created by: antoine@FreeBSD.org
+# $FreeBSD$
+
+PORTNAME=	rekall-core
+PORTVERSION=	1.4.1
+CATEGORIES=	security python
+MASTER_SITES=	CHEESESHOP
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	antoine@FreeBSD.org
+COMMENT=	CORE component of the Rekall framework
+
+LICENSE=	GPLv2
+
+RUN_DEPENDS=	cabextract:${PORTSDIR}/archivers/cabextract \
+		${PYTHON_PKGNAMEPREFIX}acora>=1.8:${PORTSDIR}/textproc/py-acora \
+		${PYTHON_PKGNAMEPREFIX}PyAFF4>=0.17:${PORTSDIR}/security/py-pyaff4 \
+		${PYTHON_PKGNAMEPREFIX}capstone>=0:${PORTSDIR}/devel/py-capstone \
+		${PYTHON_PKGNAMEPREFIX}distorm>=0:${PORTSDIR}/devel/py-distorm \
+		${PYTHON_PKGNAMEPREFIX}efilter>=1438631774:${PORTSDIR}/devel/py-efilter \
+		${PYTHON_PKGNAMEPREFIX}intervaltree>=2.0.4:${PORTSDIR}/devel/py-intervaltree \
+		${PYTHON_PKGNAMEPREFIX}pycrypto>=2.3.1:${PORTSDIR}/security/py-pycrypto \
+		${PYTHON_PKGNAMEPREFIX}pyelftools>=0.22:${PORTSDIR}/devel/py-pyelftools \
+		${PYTHON_PKGNAMEPREFIX}pytz>=2012:${PORTSDIR}/devel/py-pytz \
+		${PYTHON_PKGNAMEPREFIX}yaml>=2.10:${PORTSDIR}/devel/py-yaml \
+		${PYTHON_PKGNAMEPREFIX}yara>=0:${PORTSDIR}/security/py-yara
+
+USES=		python:2
+USE_PYTHON=	distutils autoplist
+
+post-patch:
+	@${REINPLACE_CMD} '/argparse/d' ${WRKSRC}/setup.py
+
+.include <bsd.port.mk>

security/py-rekall-core/distinfo

@@ -0,0 +1,2 @@
+SHA256 (rekall-core-1.4.1.tar.gz) = 2708479ab985577ce23fabf1cc7f634cf64051e9c9b2abce47e40839ef31637f
+SIZE (rekall-core-1.4.1.tar.gz) = 723180

security/py-rekall-core/pkg-descr

@@ -0,0 +1,10 @@
+The Rekall Framework is a completely open collection of tools, implemented in
+Python under the GNU General Public License, for the extraction of digital
+artifacts from volatile memory (RAM) samples. The extraction techniques are
+performed completely independent of the system being investigated but offer
+visibility into the runtime state of the system. The framework is intended to
+introduce people to the techniques and complexities associated with extracting
+digital artifacts from volatile memory samples and provide a platform for
+further work into this exciting area of research.
+
+WWW: http://www.rekall-forensic.com/

security/py-rekall/Makefile

@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	rekall
-PORTVERSION=	1.3.2
-PORTREVISION=	1
+PORTVERSION=	1.4.1
 CATEGORIES=	security python
 MASTER_SITES=	CHEESESHOP
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
@@ -12,40 +11,11 @@ MAINTAINER=	antoine@FreeBSD.org
 COMMENT=	Memory forensics analysis framework
 
 LICENSE=	GPLv2
-LICENSE_FILE=	${WRKSRC}/LICENSE.txt
 
-RUN_DEPENDS=	cabextract:${PORTSDIR}/archivers/cabextract \
-		${PYTHON_PKGNAMEPREFIX}acora>=1.8:${PORTSDIR}/textproc/py-acora \
-		${PYTHON_PKGNAMEPREFIX}PyAFF4>=0.12:${PORTSDIR}/security/py-pyaff4 \
-		${PYTHON_PKGNAMEPREFIX}capstone>=0:${PORTSDIR}/devel/py-capstone \
-		${PYTHON_PKGNAMEPREFIX}codegen>=1.0:${PORTSDIR}/devel/py-codegen \
-		${PYTHON_PKGNAMEPREFIX}distorm>=0:${PORTSDIR}/devel/py-distorm \
-		${PYTHON_PKGNAMEPREFIX}Flask>=0.10.1:${PORTSDIR}/www/py-flask \
-		${PYTHON_PKGNAMEPREFIX}Flask-Sockets>=0:${PORTSDIR}/www/py-flask-sockets \
-		${PYTHON_PKGNAMEPREFIX}gevent>=1.0.1:${PORTSDIR}/devel/py-gevent \
-		${PYTHON_PKGNAMEPREFIX}gevent-websocket>=0.9.3:${PORTSDIR}/www/py-gevent-websocket \
-		${PYTHON_PKGNAMEPREFIX}intervaltree>=2.0.4:${PORTSDIR}/devel/py-intervaltree \
-		${PYTHON_PKGNAMEPREFIX}ipython>=2.0.0:${PORTSDIR}/devel/ipython \
-		${PYTHON_PKGNAMEPREFIX}pycrypto>=2.3.1:${PORTSDIR}/security/py-pycrypto \
-		${PYTHON_PKGNAMEPREFIX}pyelftools>=0.22:${PORTSDIR}/devel/py-pyelftools \
-		${PYTHON_PKGNAMEPREFIX}pytz>=2012:${PORTSDIR}/devel/py-pytz \
-		${PYTHON_PKGNAMEPREFIX}yaml>=2.10:${PORTSDIR}/devel/py-yaml \
-		${PYTHON_PKGNAMEPREFIX}yara>=0:${PORTSDIR}/security/py-yara
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}rekall-core>=1.4.0:${PORTSDIR}/security/py-rekall-core \
+		${PYTHON_PKGNAMEPREFIX}rekall_gui>=1.4.0:${PORTSDIR}/security/py-rekall_gui
 
-USES=		python:2 shebangfix
-SHEBANG_FILES=	manuskript/static/bower_components/bootstrap/test-infra/uncached-npm-install.sh
+USES=		python:2
 USE_PYTHON=	distutils autoplist
 
-PORTDOCS=	CREDITS.txt LEGAL.txt README.md
-
-OPTIONS_DEFINE=	DOCS
-
-post-patch:
-	@${CHMOD} -R a+rX ${WRKSRC}
-	@${REINPLACE_CMD} '/argparse/d ; /ipython/s/3.0.0/2.0.0/' ${WRKSRC}/setup.py
-
-post-install:
-	@${MKDIR} ${STAGEDIR}${DOCSDIR}
-	${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}
-
 .include <bsd.port.mk>

security/py-rekall/distinfo

@@ -1,2 +1,2 @@
-SHA256 (rekall-1.3.2.tar.gz) = bc4f4d04a863e2b7aa21fbdbf8dcb7e23c2eb8cea526528321f4b9c6ff2b5b07
-SIZE (rekall-1.3.2.tar.gz) = 4145091
+SHA256 (rekall-1.4.1.tar.gz) = e06612eff622d7336b7046ab7663624c0317fa72eb8c7883ed2651d5d8be084f
+SIZE (rekall-1.4.1.tar.gz) = 242194

security/py-rekall_gui/Makefile

@@ -0,0 +1,30 @@
+# Created by: antoine@FreeBSD.org
+# $FreeBSD$
+
+PORTNAME=	rekall_gui
+PORTVERSION=	1.4.1
+CATEGORIES=	security python
+MASTER_SITES=	CHEESESHOP
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	antoine@FreeBSD.org
+COMMENT=	GUI component of the Rekall framework
+
+LICENSE=	GPLv2
+
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}codegen>=1.0:${PORTSDIR}/devel/py-codegen \
+		${PYTHON_PKGNAMEPREFIX}Flask>=0.10.1:${PORTSDIR}/www/py-flask \
+		${PYTHON_PKGNAMEPREFIX}Flask-Sockets>=0:${PORTSDIR}/www/py-flask-sockets \
+		${PYTHON_PKGNAMEPREFIX}gevent>=1.0.2:${PORTSDIR}/devel/py-gevent \
+		${PYTHON_PKGNAMEPREFIX}gevent-websocket>=0.9.3:${PORTSDIR}/www/py-gevent-websocket \
+		${PYTHON_PKGNAMEPREFIX}ipython>=3.0.0:${PORTSDIR}/devel/ipython \
+		${PYTHON_PKGNAMEPREFIX}rekall-core>=1.4.0:${PORTSDIR}/security/py-rekall-core
+
+USES=		python:2
+USE_PYTHON=	distutils autoplist
+
+.include <bsd.port.pre.mk>
+
+PYDISTUTILS_INSTALLARGS+=--install-data ${PYTHONPREFIX_SITELIBDIR}
+
+.include <bsd.port.post.mk>

security/py-rekall_gui/distinfo

@@ -0,0 +1,2 @@
+SHA256 (rekall_gui-1.4.1.tar.gz) = ab8602ab6073327c6fcf96faf662771ebc8d324689f72ad61a81f2fe563631c5
+SIZE (rekall_gui-1.4.1.tar.gz) = 2012182

security/py-rekall_gui/files/patch-setup.py

@@ -0,0 +1,12 @@
+--- setup.py.orig	2015-09-10 14:25:33 UTC
++++ setup.py
+@@ -38,7 +38,8 @@ def find_data_files_directory(source):
+     result = []
+     for directory, _, files in os.walk(source):
+         files = [os.path.join(directory, x) for x in files]
+-        result.append((directory, files))
++        if files:
++            result.append((directory, files))
+ 
+     return result
+ 

security/py-rekall_gui/pkg-descr

@@ -0,0 +1,10 @@
+The Rekall Framework is a completely open collection of tools, implemented in
+Python under the GNU General Public License, for the extraction of digital
+artifacts from volatile memory (RAM) samples. The extraction techniques are
+performed completely independent of the system being investigated but offer
+visibility into the runtime state of the system. The framework is intended to
+introduce people to the techniques and complexities associated with extracting
+digital artifacts from volatile memory samples and provide a platform for
+further work into this exciting area of research.
+
+WWW: http://www.rekall-forensic.com/